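---
# ConfigMapList for the openshift-multus namespace, one list item per
# ConfigMap. Nothing in this list is a Secret: the PEM blocks below are
# certificates only, and no private key material appears in this file.
apiVersion: v1
items:
# cni-copy-resources: shell script that copies CNI plugin binaries into
# /host/opt/cni/bin/, picking the source directory from the host's
# /host/etc/os-release. The script writes into a host-mounted directory, so
# changes to it deserve the same review as changes to node software.
- apiVersion: v1
  data:
    cnibincopy.sh: |-
      #!/bin/bash
      set -e

      function log()
      {
        echo "$(date --iso-8601=seconds) [cnibincopy] ${1}"
      }

      DESTINATION_DIRECTORY=/host/opt/cni/bin/

      # Perform validation of usage
      if [ -z "$RHEL8_SOURCE_DIRECTORY" ] ||
         [ -z "$RHEL9_SOURCE_DIRECTORY" ] ||
         [ -z "$DEFAULT_SOURCE_DIRECTORY" ]; then
        log "FATAL ERROR: You must set env variables: RHEL8_SOURCE_DIRECTORY, RHEL9_SOURCE_DIRECTORY, DEFAULT_SOURCE_DIRECTORY"
        exit 1
      fi

      if [ ! -d "$DESTINATION_DIRECTORY" ]; then
        log "FATAL ERROR: Destination directory ($DESTINATION_DIRECTORY) does not exist"
        exit 1
      fi

      # Collect host OS information.
      # NOTE: sourcing runs the host's os-release file as shell code in this
      # process, so the file is trusted input from the node's root filesystem.
      . /host/etc/os-release
      rhelmajor=
      # detect which version we're using in order to copy the proper binaries
      case "${ID}" in
        rhcos|scos)
          RHEL_VERSION=$(echo "${CPE_NAME}" | cut -f 5 -d :)
          rhelmajor=$(echo "$RHEL_VERSION" | sed -E 's/([0-9]+)\.{1}[0-9]+(\.[0-9]+)?/\1/')
        ;;
        rhel|centos) rhelmajor=$(echo "${VERSION_ID}" | cut -f 1 -d .)
        ;;
        fedora)
          if [ "${VARIANT_ID}" == "coreos" ]; then
            rhelmajor=8
          else
            log "FATAL ERROR: Unsupported Fedora variant=${VARIANT_ID}"
            exit 1
          fi
        ;;
        *) log "FATAL ERROR: Unsupported OS ID=${ID}"; exit 1
        ;;
      esac

      # Set which directory we'll copy from, detect if it exists
      sourcedir=
      founddir=false
      case "${rhelmajor}" in
        8)
          if [ -d "${RHEL8_SOURCE_DIRECTORY}" ]; then
            sourcedir=${RHEL8_SOURCE_DIRECTORY}
            founddir=true
          fi
        ;;
        9)
          if [ -d "${RHEL9_SOURCE_DIRECTORY}" ]; then
            sourcedir=${RHEL9_SOURCE_DIRECTORY}
            founddir=true
          fi
        ;;
        *)
          # Not fatal: the fallback below still copies the default binaries.
          log "ERROR: RHEL Major Version Unsupported, rhelmajor=${rhelmajor}"
        ;;
      esac

      # When it doesn't exist, fall back to the original directory.
      if [ "$founddir" == false ]; then
        log "Source directory unavailable for OS version: ${rhelmajor}"
        sourcedir=$DEFAULT_SOURCE_DIRECTORY
      fi

      # Use a subdirectory called "upgrade" so we can atomically move fully copied files.
      # The staging directory lives under the destination, so each file is
      # moved into place only after it has been copied completely.
      # We now use --remove-destination after running into an issue with -f not working over symlinks
      UPGRADE_DIRECTORY=${DESTINATION_DIRECTORY}upgrade_$(uuidgen)
      rm -Rf "$UPGRADE_DIRECTORY"
      mkdir -p "$UPGRADE_DIRECTORY"

      # cp and mv are tested directly in the `if`: under `set -e` a failing
      # command run on its own line ends the script at once, so a later
      # `[ $? -eq 0 ]` check never reaches its failure branch and the staging
      # directory would be left behind on the host.
      # Expansions are quoted so a path containing whitespace or glob
      # characters cannot split into extra arguments to rm, cp or mv.
      if cp -r --remove-destination "${sourcedir}"* "$UPGRADE_DIRECTORY"; then
        log "Successfully copied files in ${sourcedir} to $UPGRADE_DIRECTORY"
      else
        log "Failed to copy files in ${sourcedir} to $UPGRADE_DIRECTORY"
        rm -Rf "$UPGRADE_DIRECTORY"
        exit 1
      fi

      if mv -f "$UPGRADE_DIRECTORY"/* "${DESTINATION_DIRECTORY}/"; then
        log "Successfully moved files in $UPGRADE_DIRECTORY to ${DESTINATION_DIRECTORY}"
      else
        log "Failed to move files in $UPGRADE_DIRECTORY to ${DESTINATION_DIRECTORY}"
        rm -Rf "$UPGRADE_DIRECTORY"
        exit 1
      fi
      rm -Rf "$UPGRADE_DIRECTORY"
  kind: ConfigMap
  metadata:
    annotations:
      kubernetes.io/description: |
        This is a script used to copy CNI binaries based on host OS
      release.openshift.io/version: 4.21.19
    creationTimestamp: "2026-06-09T13:25:54Z"
    # managedFields records which manager last applied which fields; here the
    # script and the ownerReference were set by one server-side Apply.
    managedFields:
    - apiVersion: v1
      fieldsType: FieldsV1
      fieldsV1:
        f:data:
          f:cnibincopy.sh: {}
        f:metadata:
          f:annotations:
            f:kubernetes.io/description: {}
            f:release.openshift.io/version: {}
          f:ownerReferences:
            k:{"uid":"92b7ca17-a2fa-47e9-b3da-c314df3bf27d"}: {}
      manager: cluster-network-operator/operconfig
      operation: Apply
      time: "2026-06-09T13:25:54Z"
    name: cni-copy-resources
    namespace: openshift-multus
    # Owned by the cluster-scoped Network object named "cluster".
    ownerReferences:
    - apiVersion: operator.openshift.io/v1
      blockOwnerDeletion: true
      controller: true
      kind: Network
      name: cluster
      uid: 92b7ca17-a2fa-47e9-b3da-c314df3bf27d
    resourceVersion: "2287"
    uid: d943d89e-8623-4c34-8cb8-a77c065dd4ec
# cni-sysctl-allowlist: anchored patterns naming the per-interface sysctls
# that may be set. This copy carries no ownerReferences and was written by
# manager "network-operator" with an Update.
- apiVersion: v1
  data:
    # NOTE(review): the dots are unescaped, so as regular expressions each
    # "." matches any single character, not only a literal dot. IFNAME is
    # presumably a placeholder replaced by the consumer; confirm there.
    allowlist.conf: |-
      ^net.ipv4.conf.IFNAME.accept_redirects$
      ^net.ipv4.conf.IFNAME.accept_source_route$
      ^net.ipv4.conf.IFNAME.arp_accept$
      ^net.ipv4.conf.IFNAME.arp_notify$
      ^net.ipv4.conf.IFNAME.disable_policy$
      ^net.ipv4.conf.IFNAME.secure_redirects$
      ^net.ipv4.conf.IFNAME.send_redirects$
      ^net.ipv6.conf.IFNAME.accept_ra$
      ^net.ipv6.conf.IFNAME.accept_redirects$
      ^net.ipv6.conf.IFNAME.accept_source_route$
      ^net.ipv6.conf.IFNAME.arp_accept$
      ^net.ipv6.conf.IFNAME.arp_notify$
      ^net.ipv6.neigh.IFNAME.base_reachable_time_ms$
      ^net.ipv6.neigh.IFNAME.retrans_time_ms$
  kind: ConfigMap
  metadata:
    annotations:
      kubernetes.io/description: |
        Sysctl allowlist for nodes.
      release.openshift.io/version: 4.21.19
    creationTimestamp: "2026-06-09T13:25:54Z"
    managedFields:
    - apiVersion: v1
      fieldsType: FieldsV1
      fieldsV1:
        f:data:
          .: {}
          f:allowlist.conf: {}
        f:metadata:
          f:annotations:
            .: {}
            f:kubernetes.io/description: {}
            f:release.openshift.io/version: {}
      manager: network-operator
      operation: Update
      time: "2026-06-09T13:25:54Z"
    name: cni-sysctl-allowlist
    namespace: openshift-multus
    resourceVersion: "2282"
    uid: 82a2fc4b-e6a3-4098-ba10-7b4ca1258d92
# default-cni-sysctl-allowlist: same fourteen patterns as cni-sysctl-allowlist
# above, but applied by cluster-network-operator/operconfig and owned by the
# Network object "cluster". The same unescaped-dot caveat applies.
- apiVersion: v1
  data:
    allowlist.conf: |-
      ^net.ipv4.conf.IFNAME.accept_redirects$
      ^net.ipv4.conf.IFNAME.accept_source_route$
      ^net.ipv4.conf.IFNAME.arp_accept$
      ^net.ipv4.conf.IFNAME.arp_notify$
      ^net.ipv4.conf.IFNAME.disable_policy$
      ^net.ipv4.conf.IFNAME.secure_redirects$
      ^net.ipv4.conf.IFNAME.send_redirects$
      ^net.ipv6.conf.IFNAME.accept_ra$
      ^net.ipv6.conf.IFNAME.accept_redirects$
      ^net.ipv6.conf.IFNAME.accept_source_route$
      ^net.ipv6.conf.IFNAME.arp_accept$
      ^net.ipv6.conf.IFNAME.arp_notify$
      ^net.ipv6.neigh.IFNAME.base_reachable_time_ms$
      ^net.ipv6.neigh.IFNAME.retrans_time_ms$
  kind: ConfigMap
  metadata:
    annotations:
      kubernetes.io/description: |
        Sysctl allowlist for nodes.
      release.openshift.io/version: 4.21.19
    creationTimestamp: "2026-06-09T13:25:54Z"
    managedFields:
    - apiVersion: v1
      fieldsType: FieldsV1
      fieldsV1:
        f:data:
          f:allowlist.conf: {}
        f:metadata:
          f:annotations:
            f:kubernetes.io/description: {}
            f:release.openshift.io/version: {}
          f:ownerReferences:
            k:{"uid":"92b7ca17-a2fa-47e9-b3da-c314df3bf27d"}: {}
      manager: cluster-network-operator/operconfig
      operation: Apply
      time: "2026-06-09T13:25:54Z"
    name: default-cni-sysctl-allowlist
    namespace: openshift-multus
    ownerReferences:
    - apiVersion: operator.openshift.io/v1
      blockOwnerDeletion: true
      controller: true
      kind: Network
      name: cluster
      uid: 92b7ca17-a2fa-47e9-b3da-c314df3bf27d
    resourceVersion: "2281"
    uid: 5f387467-a98f-4872-aed4-1ea2f05cbd4e
# kube-root-ca.crt: trust bundle written by kube-controller-manager. It holds
# two PEM certificates; per its description it is meant only for verifying
# the kube-apiserver on internal endpoints.
- apiVersion: v1
  data:
    ca.crt: |
      -----BEGIN CERTIFICATE-----
      MIIDPDCCAiSgAwIBAgIIdiruZNm9/AgwDQYJKoZIhvcNAQELBQAwJjESMBAGA1UE
      CxMJb3BlbnNoaWZ0MRAwDgYDVQQDEwdyb290LWNhMB4XDTI2MDYwOTEzMjM0MloX
      DTM2MDYwNjEzMjM0MlowJjESMBAGA1UECxMJb3BlbnNoaWZ0MRAwDgYDVQQDEwdy
      b290LWNhMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0qVkNs5Mcyf5
      EHN3MSHfgCjvoEA0ZonN7rztqulURgfFlUZeH8JuFUk2ZQb/MyMfNdqp1sqtAPcP
      8OdEHa/ynl8xGOeyaPIczEZMrclc3AXpE7h9Usk5xjHhwnL36B3//ixI8zlc9k4q
      v/N4bzBnaU0QxH0xaF/NDaptLqmpxY1p9a4RqUX7lo/Lb2l17yMmuCNj75UxuPBg
      6dOaHtwmisUcCM/D/M4350mlGsW9AGbw/kVgVqxKeq8RMObYWpteJZVHcfJ0OVpB
      P3mlIM/jnXMAKFuQnO70rxSD08uMVIVHwd5qsTwKtfKhiGV2BT6PB5DGkl8T1qrL
      AvJN7StZEQIDAQABo24wbDAOBgNVHQ8BAf8EBAMCAqQwDwYDVR0TAQH/BAUwAwEB
      /zBJBgNVHQ4EQgRAcGLrTARBIWd7+zBP50PMybH8PVReVqvl0m+GnH64UBfCbGTj
      2D6f+L4Jk3JHiPnrubsl+GentL0gRYyntB+n5zANBgkqhkiG9w0BAQsFAAOCAQEA
      CAheZYv2LmP2U/7copdbtHhrCKvdlG7vOLF+P2voYqBwYubFMgAzVJHH4nIHeVUd
      BPVZlJkDvXWeW44cs0sQTfDaN3TQoieTGfprTkRBIrbZH/xss0g8s2T3UB/WpSnl
      t3NDQxYtXYsUNyC/r39kyzqOzeuaorBn9F33RY8AeT+NAYzBMqssmPgU4FG6BFPR
      a9PlQLGyxgVUDi5RG0n4FaVxPRGtlX+u40kwmFwsN+fOpaRIFeEuSbxVBRT3gatt
      mWoYayUzcfTIGlcJLq34zSc6PaV7iQjMZhAfTEMqJ3hb/LiHYQS6WlrwhQwcOm0e
      Ld1d7k9oA0xcCatRzSqy5g==
      -----END CERTIFICATE-----
      -----BEGIN CERTIFICATE-----
      MIIEADCCAuigAwIBAgIIBTezVN/1pQkwDQYJKoZIhvcNAQELBQAwJjESMBAGA1UE
      CxMJb3BlbnNoaWZ0MRAwDgYDVQQDEwdyb290LWNhMB4XDTI2MDYwOTEzMjQwNVoX
      DTI3MDYwOTEzMjQwNVowMDESMBAGA1UEChMJb3BlbnNoaWZ0MRowGAYDVQQDExFv
      cGVuc2hpZnQtaW5ncmVzczCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEB
      AK034UVWo+H6vvpa9OHQXdNRJHTVr4nlsjRhNhE5PZ9kKmcDmlRt47LYB19Je2JX
      Ap6sFJ4A6oZgIsz/Od4y0XXRaw2m85gw5EfofNHsxffA/F9pyP+vB4/C1NaFzMSZ
      ADLxkwSuj0nYqwRXcIINgFJY8bJgoeLGHJScl4Nw4sy4EHsAc5XLvte1uHJrbU0a
      zRT1iHNjsGTaes3fslP798amiRWxr7CpTSFnefyGlUF+0xiBkNXqDPMFipWnzHPw
      HODoEvhc7ijyQyVreq0eTYxE7pkzOgJ9aVtaKXnejKvOKfdXUVe1c01T2XMYYoA5
      hrRmYxVNsID6bWExo//L2t8CAwEAAaOCASYwggEiMA4GA1UdDwEB/wQEAwIFoDAd
      BgNVHSUEFjAUBggrBgEFBQcDAgYIKwYBBQUHAwEwDAYDVR0TAQH/BAIwADBJBgNV
      HQ4EQgRATK35kc1Eq4lz4qDlmWWDnywbiMQNMw2nYxgYT4j3Y3aPecg02tXO2ead
      1KoUcbJxkV3xNCnXHhocbTbSjvwO5DBLBgNVHSMERDBCgEBwYutMBEEhZ3v7ME/n
      Q8zJsfw9VF5Wq+XSb4acfrhQF8JsZOPYPp/4vgmTckeI+eu5uyX4Z6e0vSBFjKe0
      H6fnMEsGA1UdEQREMEKCQCouYXBwcy4xY2M0ODk1OS0yOTdhLTQ4MjgtYWY3Zi01
      NjRkZWFjOGViNzcucHJvZC5rb25mbHV4ZWFhcy5jb20wDQYJKoZIhvcNAQELBQAD
      ggEBACIjEiTBY4SFwK8EYGyLx1TwNu+r25V3S2GdRG/ThGqE2XUrxy/J5cU15YKl
      IBOyYgCEWhDspftiDfghdg78S+moEQMPdDp0ebxCs+SJF/cmz0j83+eMbBJZd15N
      2Ec1QiNEQV2zcUgEAV40VYLygakQLYvcfsTH7tHoc9cHQ/eyYIGj12HbglvGYit8
      ka82lzQNhpAL8vbMzcI+mxElrK9lt78ZnD+AJBtSmzWJJ6MJxjwKLoYowpt0zgcP
      gHf+FG91SaGZKxHIHNw7y4gZb5P4ajZzmmf/PFzF0THYLu1CUz2M2fL9IACjNHyT
      URtUruCCwQLkYwcZPczshmABcy4=
      -----END CERTIFICATE-----
  kind: ConfigMap
  metadata:
    annotations:
      kubernetes.io/description: Contains a CA bundle that can be used to verify the
        kube-apiserver when using internal endpoints such as the internal service
        IP or kubernetes.default.svc. No other usage is guaranteed across distributions
        of Kubernetes clusters.
    creationTimestamp: "2026-06-09T13:26:04Z"
    managedFields:
    - apiVersion: v1
      fieldsType: FieldsV1
      fieldsV1:
        f:data:
          .: {}
          f:ca.crt: {}
        f:metadata:
          f:annotations:
            .: {}
            f:kubernetes.io/description: {}
      manager: kube-controller-manager
      operation: Update
      time: "2026-06-09T13:26:04Z"
    name: kube-root-ca.crt
    namespace: openshift-multus
    resourceVersion: "2599"
    uid: 85203543-bf51-429c-8a43-5f1054b66894
# multus-daemon-config: JSON configuration for the Multus daemon.
- apiVersion: v1
  data:
    # Settings a reviewer would look at first:
    #  - namespaceIsolation is true, and globalNamespaces lists the namespaces
    #    exempt from it; adding a namespace to that list widens which network
    #    attachments pods in other namespaces may reference.
    #  - perNodeCertificate is enabled with a 24h certDuration, bootstrapped
    #    from the kubelet kubeconfig path on the node.
    #  - logLevel is "verbose" and logs go to stderr.
    # JSON has no comment syntax, so these notes stay outside the payload.
    daemon-config.json: |
      {
        "cniVersion": "0.3.1",
        "chrootDir": "/hostroot",
        "logToStderr": true,
        "logLevel": "verbose",
        "binDir": "/var/lib/cni/bin",
        "perNodeCertificate": {
          "enabled": true,
          "bootstrapKubeconfig": "/var/lib/kubelet/kubeconfig",
          "certDir": "/etc/cni/multus/certs",
          "certDuration": "24h"
        },
        "cniConfigDir": "/host/etc/cni/net.d",
        "multusConfigFile": "auto",
        "multusAutoconfigDir": "/host/run/multus/cni/net.d",
        "namespaceIsolation": true,
        "globalNamespaces": "default,openshift-multus,openshift-sriov-network-operator,openshift-cnv",
        "readinessindicatorfile": "/host/run/multus/cni/net.d/10-ovn-kubernetes.conf",
        "daemonSocketDir": "/run/multus/socket",
        "socketDir": "/host/run/multus/socket",
        "auxiliaryCNIChainName": "vendor-cni-chain"
      }
  kind: ConfigMap
  metadata:
    creationTimestamp: "2026-06-09T13:25:54Z"
    labels:
      app: multus
      tier: node
    managedFields:
    - apiVersion: v1
      fieldsType: FieldsV1
      fieldsV1:
        f:data:
          f:daemon-config.json: {}
        f:metadata:
          f:labels:
            f:app: {}
            f:tier: {}
          f:ownerReferences:
            k:{"uid":"92b7ca17-a2fa-47e9-b3da-c314df3bf27d"}: {}
      manager: cluster-network-operator/operconfig
      operation: Apply
      time: "2026-06-09T13:25:54Z"
    name: multus-daemon-config
    namespace: openshift-multus
    ownerReferences:
    - apiVersion: operator.openshift.io/v1
      blockOwnerDeletion: true
      controller: true
      kind: Network
      name: cluster
      uid: 92b7ca17-a2fa-47e9-b3da-c314df3bf27d
    resourceVersion: "2335"
    uid: ff0e7e18-4c9d-44b6-9bc8-40bb87542b75
# openshift-service-ca.crt: created with the inject-cabundle annotation by
# kube-controller-manager; managedFields shows the service-ca.crt key itself
# was filled in later by service-ca-operator.
- apiVersion: v1
  data:
    service-ca.crt: |
      -----BEGIN CERTIFICATE-----
      MIIDUTCCAjmgAwIBAgIIRxoNsCOH2OUwDQYJKoZIhvcNAQELBQAwNjE0MDIGA1UE
      Awwrb3BlbnNoaWZ0LXNlcnZpY2Utc2VydmluZy1zaWduZXJAMTc4MTAxMjE2OTAe
      Fw0yNjA2MDkxMzM2MDhaFw0yODA4MDcxMzM2MDlaMDYxNDAyBgNVBAMMK29wZW5z
      aGlmdC1zZXJ2aWNlLXNlcnZpbmctc2lnbmVyQDE3ODEwMTIxNjkwggEiMA0GCSqG
      SIb3DQEBAQUAA4IBDwAwggEKAoIBAQCt5gIe+6L088aVOV0XorkH2ax92uTtZbcw
      nsmwpWRwq5sOHZzRNSOzlC6I1ktgleJqn+trHSp7HcvhfRtwl2klUA884tnmjWoV
      IBAWmahn30rr5V67RRWcqk1NCbvptPmpOC0OwL84OMVnb/l1UOfghGSGH2pI7W00
      bPRfWSQc8qtDp4wKF9r60Lc/EzWAS1q1sqJN+z5JG6J27wWR+ce9tvik2CIGUNK6
      5CBbJzQ/RRdjKUZNDMMdH/t6eTpdkJfVKWUQhu0ww849bnCmArI78fjQEGn2pncN
      BleGKkxb2nMXknZQ7aUwZFnE+yKm+xQqE0eNjDWd1zZnBKAnxPMLAgMBAAGjYzBh
      MA4GA1UdDwEB/wQEAwICpDAPBgNVHRMBAf8EBTADAQH/MB0GA1UdDgQWBBTkz0DP
      SAoUth2bP9+rEbSpCCn7LjAfBgNVHSMEGDAWgBTkz0DPSAoUth2bP9+rEbSpCCn7
      LjANBgkqhkiG9w0BAQsFAAOCAQEAklAEaRlMJvX2m6hkjJ0wodoOn7QbRE0bblqO
      +7zdFszD5CdY0G+AzzFz09ryIdBnboYCc9jPPSZSZLDqqe3jazhsFlihD7Z+Ce4Y
      FougY2GGKXxJ4gV4qLK17TXTVwZQEUiLnjVsDLaAH1QEAI+CEvVdyfcf9UnvziVe
      L7CjeM0UFmdLrrMkdD4CzJag2kzGp59M2/M8dphC4z+TUG3EoET+Ynl5tUfhB0YA
      Ge1URRGA3aVodhwZCN9GqUNHDDb6Wjvk3AW9Jw7M3wt0os5bRPAslDvaw7eNonSw
      P/hfS8RqwOpzqFYVmvLsxCrD95VlamkNDHsPIow2ebVUnSGHZA==
      -----END CERTIFICATE-----
  kind: ConfigMap
  metadata:
    annotations:
      service.beta.openshift.io/inject-cabundle: "true"
    creationTimestamp: "2026-06-09T13:26:03Z"
    managedFields:
    - apiVersion: v1
      fieldsType: FieldsV1
      fieldsV1:
        f:data: {}
        f:metadata:
          f:annotations:
            .: {}
            f:service.beta.openshift.io/inject-cabundle: {}
      manager: kube-controller-manager
      operation: Update
      time: "2026-06-09T13:26:03Z"
    - apiVersion: v1
      fieldsType: FieldsV1
      fieldsV1:
        f:data:
          f:service-ca.crt: {}
      manager: service-ca-operator
      operation: Update
      time: "2026-06-09T13:36:23Z"
    name: openshift-service-ca.crt
    namespace: openshift-multus
    resourceVersion: "9042"
    uid: 0f042c0f-98cf-46ba-b8b9-2259f9d9103c
# whereabouts-flatfile-config: JSON configuration for the Whereabouts IPAM
# plugin. It uses the "kubernetes" datastore through a kubeconfig file on the
# node; the reconciler cron expression "30 4 * * *" is 04:30 daily.
- apiVersion: v1
  data:
    whereabouts.conf: |
      {
        "datastore": "kubernetes",
        "kubernetes": {
          "kubeconfig": "/etc/kubernetes/cni/net.d/whereabouts.d/whereabouts.kubeconfig"
        },
        "reconciler_cron_expression": "30 4 * * *",
        "log_level": "verbose",
        "configuration_path": "/etc/kubernetes/cni/net.d/whereabouts.d"
      }
  kind: ConfigMap
  metadata:
    creationTimestamp: "2026-06-09T13:25:54Z"
    managedFields:
    - apiVersion: v1
      fieldsType: FieldsV1
      fieldsV1:
        f:data:
          f:whereabouts.conf: {}
        f:metadata:
          f:ownerReferences:
            k:{"uid":"92b7ca17-a2fa-47e9-b3da-c314df3bf27d"}: {}
      manager: cluster-network-operator/operconfig
      operation: Apply
      time: "2026-06-09T13:25:54Z"
    name: whereabouts-flatfile-config
    namespace: openshift-multus
    ownerReferences:
    - apiVersion: operator.openshift.io/v1
      blockOwnerDeletion: true
      controller: true
      kind: Network
      name: cluster
      uid: 92b7ca17-a2fa-47e9-b3da-c314df3bf27d
    resourceVersion: "2292"
    uid: 8b09aff3-32fa-49fd-9555-97ae096eca55
kind: ConfigMapList
metadata:
  resourceVersion: "12162"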